Suspicious process running under user

Post Reply
leonep
Junior Member
Posts: 20
Joined: 15 Dec 2014, 10:30

Suspicious process running under user

Post by leonep »

what can i do ? i have changed all account passwords but somwthing continue to create this process.
This is a joomla website (updated) . I need exploit scanner?


Time: Thu Mar 31 16:03:56 2016 +0200
PID: 11550 (Parent PID:9249)
Account: archeage
Uptime: 97 seconds


Executable:

/opt/cpanel/ea-php55/root/usr/bin/php-cgi


Command Line (often faked in exploits):

/opt/cpanel/ea-php55/root/usr/bin/php-cgi /home/archeage/public_html/DePTBdwoNkmI/se0qPW54B.php


Network connections by the process (if any):

tcp: 188.165.218.157:60788 -> 195.128.125.248:80


Files open by the process (if any):



Memory maps by the process (if any):

00400000-00746000 r-xp 00000000 09:02 1144572 /opt/cpanel/ea-php55/root/usr/bin/php-cgi
00945000-009d0000 rw-p 00345000 09:02 1144572 /opt/cpanel/ea-php55/root/usr/bin/php-cgi
leonep
Junior Member
Posts: 20
Joined: 15 Dec 2014, 10:30

Re: Suspicious process running under user

Post by leonep »

i am always running this problem , someone can help me investigating? i don't know what do
i have joomla website updated , all plugin updated , i have changed all password from cpanel and from joomla users..thanks
bizzgang
Junior Member
Posts: 1
Joined: 22 Mar 2017, 15:07

Re: Suspicious process running under user

Post by bizzgang »

I have the same, here is the code from the configserver, any idea ????

EXE:/opt/cpanel/ea-php56/root/usr/bin/php-cgi CMD:/opt/cpanel/ea-php56/root/usr/bin/php-cgi
Post Reply